Sharing Information with the Private Sector

As the terrorist attacks on transportation infrastructure in London and Madrid demonstrate, critical infrastructure can be a prime target for the
transnational terrorist enemy we face today. The private sector owns and operates an estimated 85% of infrastructure and resources that are critical to
our Nation's physical and economic security. It is, therefore, vital to ensure we develop effective and efficient information sharing partnerships with
private sector entities. Important sectors of private industry have made significant investments in mechanisms and methodologies to evaluate, assess,
and exchange information across regional, market, and security-related communities of interest. This Strategy builds on these efforts to adopt an
effective framework that ensures a two-way flow of timely and actionable security information between public and private partners.

Efforts to improve information sharing with the private sector have initially focused on sharing with the owners and operators of our Nation's critical
infrastructure and key resources. In accordance with the National Infrastructure Protection Plan, we are currently implementing a networked approach to
information sharing that allows distribution and access to information both horizontally and vertically using secure networks and coordination
mechanisms, allowing information sharing and collaboration within and among sectors. It also enables multi-directional information sharing between
government and industry that focuses, streamlines, and reduces redundancy in reporting to the greatest extent possible.

These processes are enabling the integration of private sector security partners, as appropriate, into the intelligence cycle and National Common
Operating Picture. Moreover, sector security partners are becoming more confident that the integrity and confidentiality of their sensitive information
can and will be protected and that the information sharing process can produce actionable information regarding threats, incidents, vulnerabilities,
and potential consequences to critical infrastructure and key resources. These efforts are being integrated into broader efforts to establish the ISE.

It is important to note that critical infrastructure and key resource owners and operators utilize a number of mechanisms that facilitate the flow of
information, mitigate obstacles to voluntary information sharing, and provide feedback and continuous improvement regarding structure and process.
These include the Sector Coordination Councils, Government Coordination Councils, National Infrastructure Coordinating Center, Sector-level Information
Sharing and Analysis Centers (commonly referred to as ISACs), DHS Protective Security Advisors, the DHS Homeland Infrastructure Threat and Risk
Analysis Center (HITRAC), and State and major urban area fusion centers. These mechanisms accommodate a broad range of sector cultures, operations, and
risk management approaches and recognize the unique policy and legal challenges for full two-way sharing of information between private sector owners
and operators and government, as well as the important requirements for efficient operational processes.

Our efforts to improve information sharing with the private sector have been guided by a number of important factors:

Current, reliable, accurate, and actionable information is critical to private sector decisions to protect their business;

Private sector entities gather, process, analyze, and share information in order to protect their companies, assets, employees, infrastructure, and
ability to operate, so as to maintain a competitive advantage;

In many cases, private sector entities have spent years establishing strong working relationships with Federal, State, and local law
enforcement and other entities; this Strategy respects and encourages those established relationships;

The private sector operates within multiple information sharing frameworks: industry executives often prefer to separately share threat-related
information with Federal and State as well as local government officials and other business executives as they assess the threat environment in which
they operate, implement protective measures, and engage in emergency response planning activities;

As we incorporate the information sharing needs and capabilities of the private sector into our efforts to enable information sharing, we need to
recognize that at times the environment in which homeland security, law enforcement, and terrorism-related information is shared mirrors the regulatory
environment in which the sharing entity operates; and

The private sector relies on multiple information sources including professional and local organizations, private information providers, news
outlets, colleagues, open intelligence sources on the web, and company management in both domestic and foreign locations, in addition to the government
at all levels (Federal, State, and local).

Accordingly, as we improve efforts to share terrorism-related information with the private sector we must continue to:

Improve the two-way sharing of terrorism-related information on incidents, threats, consequences, and vulnerabilities, including enhancing the
quantity and quality of specific, timely, and actionable information provided by the Federal Government to critical infrastructure sectors and their
State, local, and tribal partners;

Ensure that Federal, State, local, and tribal authorities have policies in place that ensure the protection of private sector information that is
shared with government entities;

Integrate private sector analytical efforts into Federal, State, local, and tribal processes, as appropriate, for a more complete understanding of
the terrorism risk; and

Establish mechanisms and processes to ensure compliance with all relevant U.S. laws, including applicable information privacy laws.

We will continue to build upon existing successful information sharing partnerships in a variety of areas key to our national security. Those include
programs such as the following:

The Critical Infrastructure Partnership Advisory Council - provides the framework for owner and operator members of Sector Coordinating Councils
and members of Government Coordinating Councils to engage in intra-government and public-private cooperation, information sharing, and engagement
across the entire range of critical infrastructure protection activities;

InfraGard - a partnership between the Federal Government, an association of businesses, academic institutions, State and local law enforcement
agencies, and other participants dedicated to sharing information and intelligence to prevent hostile acts against the United States;

Protected Critical Infrastructure Information/Sensitive Security Information - an information-protection tool that facilitates information
sharing between the government and the private sector, which is used by DHS and other Federal, State, and local analysts in pursuit of a more secure
homeland, focusing primarily on analyzing and securing critical infrastructure and protected systems, identifying vulnerabilities and developing risk
assessments, and enhancing recovery preparedness measures;

The Overseas Security Advisory Council - a Federal advisory committee that promotes security cooperation between American business and private
sector interests worldwide and currently encompasses the 34-member core Council, an Executive Office, over 100 Country Councils, and more than 3,500
constituent member organizations and 372 associates; and

Existing collaborative information sharing relationships between private sector entities and State and local authorities to facilitate the sharing
of time-sensitive threat and vulnerability information, which reflect the preference, in some cases, of private sector entities to coordinate the
sharing of threat-related and other information with the government authorities responsible for regulating their activities.

The President also created the National Infrastructure Advisory Council (NIAC). The NIAC is charged to make recommendations on improving the
cooperation and partnership between the Federal Government and industry, for the purpose of securing the critical infrastructures. The advice from the
NIAC is meant to assist the President and the Secretary of Homeland Security in the development of policies and strategies that range from risk
assessment and management to information sharing, protective measure, and clarification on roles and responsibilities between public and private
sectors.

Finally, the needs and capabilities of the private sector, particularly those entities considered to be critical infrastructure or key resources, will
be incorporated into efforts to establish a national, integrated network of State and major urban area fusion centers and to produce "federally
coordinated" terrorism-related information products at NCTC.